
Firewall.

Posted: Fri Aug 21, 2009 11:38 am
by dlabreu
Hi There.


I have no idea how to do this, so that is why I am here: how can I make a rule for my firewall so that all traffic that comes from the internet gets dropped, and then I will open just the ports that I want?

How can i do this?

Thanks


Daniel Abreu

Re: Firewall.

Posted: Fri Aug 21, 2009 1:31 pm
by Pilgrim
Assuming that your LAN is 192.168.0.0/24, I believe this is a good set of rules.

It will allow peer-to-peer traffic on your LAN and will drop all packets trying to reach your LAN unless the traffic is initiated from the LAN side.

/ip firewall filter
add action=drop chain=forward comment="" connection-state=invalid disabled=no
add action=accept chain=forward comment="" connection-state=established disabled=no
add action=accept chain=forward comment="" connection-state=related disabled=no
add action=accept chain=forward comment="" connection-state=new disabled=no src-address=192.168.0.0/24
add action=log chain=forward comment="" disabled=no dst-address=192.168.0.0/24 log-prefix=UNWANTED src-address=!192.168.0.0/24
add action=drop chain=forward comment="" disabled=no dst-address=192.168.0.0/24 src-address=!192.168.0.0/24
add action=accept chain=input comment="" disabled=no dst-port=22 protocol=tcp src-address=192.168.0.0/24
add action=log chain=input comment="" disabled=no dst-port=22 log-prefix="" protocol=tcp
add action=drop chain=input comment="" disabled=no dst-port=22 protocol=tcp


/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
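
A walk-through of how RouterOS evaluates the forward chain above, as an added Python example that is not part of the original post: it models rule order and the connection-state, src-address and dst-address matchers of the six forward rules (the input rules and service-ports are left out) and returns the verdict and log lines for constructed sample packets. The packets' connection state is assumed in the sample data rather than tracked.

```python
# Added example (not RouterOS code): a toy first-match evaluator for the forward chain posted above.
import ipaddress
LAN = ipaddress.ip_network("192.168.0.0/24")

# Rules in the posted order. The first matching terminating rule decides; 'log' is
# non-terminating in RouterOS, so it records the packet and evaluation continues.
FORWARD_CHAIN = [
    {"action": "drop",   "connection_state": "invalid"},
    {"action": "accept", "connection_state": "established"},
    {"action": "accept", "connection_state": "related"},
    {"action": "accept", "connection_state": "new", "src_in_lan": True},
    {"action": "log",    "dst_in_lan": True, "src_in_lan": False, "log_prefix": "UNWANTED"},
    {"action": "drop",   "dst_in_lan": True, "src_in_lan": False},
]

def matches(rule, pkt):
    """True when every matcher present in the rule agrees with the packet."""
    src_in_lan = ipaddress.ip_address(pkt["src"]) in LAN
    dst_in_lan = ipaddress.ip_address(pkt["dst"]) in LAN
    if "connection_state" in rule and rule["connection_state"] != pkt["state"]:
        return False
    if "src_in_lan" in rule and rule["src_in_lan"] != src_in_lan:
        return False
    if "dst_in_lan" in rule and rule["dst_in_lan"] != dst_in_lan:
        return False
    return True

def evaluate(pkt, chain=FORWARD_CHAIN):
    """Walk the chain top-down; return (verdict, log_lines). No terminating match => implicit accept."""
    logs = []
    for rule in chain:
        if not matches(rule, pkt):
            continue
        if rule["action"] == "log":
            logs.append(f"{rule['log_prefix']} {pkt['src']}->{pkt['dst']} {pkt['state']}")
            continue
        return rule["action"], logs
    return "accept", logs

# Constructed sample packets (not captured traffic); 'state' stands in for connection tracking.
SAMPLES = {
    "lan_to_internet_new":  {"src": "192.168.0.10", "dst": "203.0.113.5", "state": "new"},
    "internet_reply_estab": {"src": "203.0.113.5", "dst": "192.168.0.10", "state": "established"},
    "internet_to_lan_new":  {"src": "198.51.100.7", "dst": "192.168.0.10", "state": "new"},
    "internet_invalid":     {"src": "198.51.100.7", "dst": "192.168.0.10", "state": "invalid"},
    "wan_to_wan_new":       {"src": "198.51.100.7", "dst": "203.0.113.5", "state": "new"},
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:22} -> {evaluate(pkt)}")
```

The last sample shows a gap in the posted chain: new traffic that is neither from the LAN nor destined to it reaches the implicit accept, because the drop rule only matches dst-address=192.168.0.0/24.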

Re: Firewall.

Posted: Fri Aug 21, 2009 2:03 pm
by dlabreu
Hi!


Thanks very much for your help, I just want one more favor: I have no idea what each rule does.

Can you please just let me know? I will be very glad for your help!

Thanks


Daniel Abreu

Re: Firewall.

Posted: Fri Aug 21, 2009 2:43 pm
by Pilgrim
Try to reach me on skype pilgrim_dk then I can explain.

rgs Pilgrim

Re: Firewall.

Posted: Fri Aug 21, 2009 3:22 pm
by dlabreu
When can I Skype you?

Re: Firewall.

Posted: Fri Aug 21, 2009 4:32 pm
by Pilgrim
Now would be a good time. Or it can be any time. If I am online then just Skype me. The reason I think it is better with Skype is that once you get the firewall in place then you will probably face a new set of problems with the forwarding. That's what happened in my case anyway.

rgs Pilgrim